• User Login
• New User

• Pardon me, your @ is showing
  Thu, Mar 29th 2007, 18:41

  This is another post about the fight against bots. This time it is email-address-harvesting bots that I'm worried about.

  Here are five of the variety of techniques employed to obscure email addresses.

  1. Put the address in an image
  2. Add characters to the address
  3. Put the address in separate table cells
  4. Put the address in discrete, unordered tags.
  5. Use javascript to insert the address into the document

  Technique 1 will fool most bots, but it makes it more cumbersome to send an email, since the user can't copy and paste.

  Using technique 1 you could create the image by hand, if there were only a small number of addresses, and a change of address was rare. But if you had many addresses, say from registered users, then you would have to use programmatic image creation tools. PHP offers good support for this sort of thing. You can install the python imaging library to do the same stuff in python. And other languages probably have similar capabilities. Example:
  

  Technique 2 is used in the comments of the php.net site. While this is a fairly safe method for displaying your address on a public site, it is not immune to a intelligently designed bot. I would think of some original formatting before posting my address like this. Example:

  joe at example dot com

  Technique 3 is simple to use and probably escapes detection by simple bots. But even marginally intelligent bots will strip the html tags from a page.

  joe

  @

  example

  .com

  Technique 4 is a more effective alternative to using tables. The idea is to construct elements that do not appear in the correct order in the markup, but then use CSS positioning to put them in the correct order.

  This technique will fall under the radar of most bots. However, this technique generally breaks copy and paste. Example:

  @example.comjoe

  
  
  

  Technique 5 will escape detection by all but the most advanced bots. Because bots look at a web page as static text, they will not be able to detect changes javascript makes to the document. And if you require user interaction like mouse over, it makes it doubly safe. However, this technique will not work for browsers without proper javascript support. Example:

  After writing this I did a Google search and found A more thorough take by Sarven Capadisli

  Technology

• Home

Comments

• New Comment
• Home

• 2006
• October (2)
• November (2)
• December (1)
• 2007
• January (1)
• March (1)
• April (1)
• May (1)
• June (2)
• October (1)
• 2008
• April (3)
• November (1)
• 2009
• April (1)
• May (1)
• June (1)
• July (1)
• August (1)
• November (1)
• 2010
• February (3)

• Boot-strapping
• The Final Beast
• Out fooling those bots
• Out fooling those bots II
• The oddball
• Rewriting the wheel
• Pardon me, your @ is showing
• Problems and Network Solutions
• soySearch – for those hard to find condiments
• Ubuntu without the wires
• Counting to 2.0
• Sharing the app folder in cakePHP
• Speed bumps in Mexico
• Celebrating potable water
• What to eat
• Builders and critics
• The grip of the sow.
• It is easy to complain
• Turing Twitter
• How hard is security?
• Facebook like AOL
• Zip it
• iContact pwned
• Breaking up with ServerPronto
• Breaking up with ServerPronto continued